BYOD Policies And Rules To Follow

I’m curious about those SMBs that do allow BYOD (Bring Your Own Device) policies: what sort of restrictions do you, your IT department and management agree upon for those using their own devices?

Do you feel it’s more necessary to impose tighter restrictions on smartphones than on laptops or desktops?

Seems kind of silly, if you ask me, to not have a balance of policies across all devices, just certain ones. Here are a couple of rules you should look into when deciding on BYOD policies.

With BYOD Policies The Security Should Match the Risk

Pretty simple, actually. You don’t need excessive amounts of security if the risk of data loss is smaller than the level of protection being imposed.

Most devices should carry the bare necessities: an anti-virus program that is up to date, and a user with enough common sense to know which sites are not okay to visit and which emails are not okay to open.

If your information is much more sensitive than that, then consider moving up a notch in security with encryption software on the employee’s devices.

All for One, Not Just One

Every company will have different policies and restrictions based on what the company does for BYOD.

If you tell the employee that they need to have disk encryption, that disk encryption should be on everything, not just one thing. The desktop, mobile phone and laptop that the employee uses to do their job should all have encryption.

Employees Should Police One Another, Not Rely On IT

This one can be applied to a few different areas, but we’ll stick to the topic at hand.

Expecting IT to be the ones to monitor and police activity on BYODs is asking a bit much. Their job is not to be security; their job is to be IT. If you want a security team, hire a security team.

But in reality you shouldn’t need either. If an employee is doing something bad with their own device involving company resources, the employee should be reprimanded appropriately for it. Don’t rely on technology or your IT to do the work for you.

In the end I still think BYOD policies are an IT nightmare due to the fact that everyone has different devices and IT is expected to know how to handle all of them. But if you’re going to do it, then at least be smart about what sort of policies you have to go along with it.

This entry was posted on Tuesday, November 13th, 2012 at 1:19 PM and is filed under management.